On 11/10/2009 09:52 PM, Willy Tarreau wrote:> > - last, the probability of having an NX page just after an> executable one seems too tight to me to even constitute> an attack vector ! BTW, I'm not even certain that all CPUs> correctly implement this check !>

Do you have *any* *evidence* *whatsoever* for that assertion?!

I personally will consider something that doesn't implement propersecurity check to be a potential security hole and will NAK the patch.

-hpa

-- H. Peter Anvin, Intel Open Source Technology CenterI work for Intel. I don't speak on their behalf.